Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 24 November 2024, 04:17:49 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  Hardware Support
| | |-+  Multiple Green Subnets? Preferably segregated.
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Multiple Green Subnets? Preferably segregated.  (Read 43752 times)
trymes
Full Member
***
Offline Offline

Posts: 36


« on: Wednesday 11 August 2010, 03:30:35 am »

Is it possible to create multiple Green subnets on one endian unit, preferably such that devices connected on Subnet A cannot send or receive traffic from Subnet B, without going out over the Red interface first. Each subnet would need its own DHCP server, etc. This would be used for, say, a situation where two groups shared the same internet connection, but not the same internal network.

I have installed a total of 3 network devices on the Endian unit, and they are all recognized, but I can't seem to see how I would segregate them from each other. I see where I could add an IP alias to one interface, but that would not provide DHCP for that interface, nor segregate it. I presume that VLANs will be involved to some extent.

My apologies if I have missed any obvious references to this in the documentation.

Tom
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #1 on: Wednesday 11 August 2010, 06:48:20 am »

Use GREEN, BLUE and ORANGE to have three fully separated LAN's, with three different DHCP's
Adjust the interzone firewall and you have 3 different LAN areas.
Logged
trymes
Full Member
***
Offline Offline

Posts: 36


« Reply #2 on: Wednesday 11 August 2010, 07:16:00 am »

Aha! So just set the second wired NIC to ORANGE (which is nominally Wireless, no?) and I will have two subnets, Orange will be wireless in name only.

Then, I can choose what traffic flows where using the inter-zone firewall. Seems too easy!

Thanks for the quick reply.

Tom
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #3 on: Thursday 12 August 2010, 01:39:36 am »

BLUE is the recommended Wireless zone, ORANGE is recommended for DMZ.
But in fact they are just like GREEN, you can use it to whatever you need.

If you don't have enough NIC's you can also use VLANs for that. If you need more than 3 separated LAN's I think there is no way yet to do it.
You can create alias on each zone, and have n subnets, but I think they aren't really segregated, which is a pity.
Logged
trymes
Full Member
***
Offline Offline

Posts: 36


« Reply #4 on: Tuesday 17 August 2010, 11:05:40 pm »

OK. Why would you use Orange instead of Blue? Is Blue not designed to be segregated? Wouldn't Orange be a DMZ that is open to incoming Internet traffic, or is it just a segregated network, and all incoming is blocked by default?

Tom
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #5 on: Wednesday 18 August 2010, 08:19:58 am »

Just because default rules for Interzone traffic assumes those roles, just that.
All zones except RED are similar.
Logged
trymes
Full Member
***
Offline Offline

Posts: 36


« Reply #6 on: Friday 20 August 2010, 06:20:51 am »

OK, so in other words, it shouldn't matter if I use Orange, Blue, or both for separate IP subnets, wired, wireless, or both.

Right?

Tom
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #7 on: Thursday 02 September 2010, 04:25:13 am »

Yes, only configure the firewall as you really need (Both outgoing and Inter-Zone)
Logged
laythingy59
Full Member
***
Offline Offline

Posts: 40


« Reply #8 on: Thursday 29 March 2012, 04:40:12 am »

I know this is an old post but it refers to what i want to do.
I would like 2 green interfaces. I want to team the two together to load balance. I need to route Data traffic down one green interface and voip traffic down the other.

Is this possible
Thanks

Adam
Logged
laythingy59
Full Member
***
Offline Offline

Posts: 40


« Reply #9 on: Thursday 29 March 2012, 07:31:41 pm »

Found this in old documentation

http://docs.endian.com/archive/2.1/efw.system.network_configuration.html

You can assign multiple interfaces per zone. Multiple interfaces can be added by pressing Ctrl and clicking on the desired interfaces. The interfaces will then internally bridged together, so they have the same functionality like a switch.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.109 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com